package inventory.shiro.realm;

import com.baomidou.mybatisplus.mapper.EntityWrapper;
import inventory.entity.Manager;
import inventory.entity.User;
import inventory.entity.po.ManagerPermissionRecordPo;
import inventory.entity.po.PermissionRecordPo;
import inventory.mappers.ManagerPermissionRecordPoMapper;
import inventory.mappers.PermissionRecordPoMapper;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/**
 * 只做授权，已经把认证过程分给managerRealm 和 userRealm
 */
public class AuthorizerRealm extends AuthorizingRealm {

    @Autowired
    private ApplicationContext applicationContext;

    //授权,在调用requireRole或者requirePermission时会进入该方法
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {

        System.out.println("进入自定义Realm授权...");

        //查到权限数据，返回授权信息
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();

        PermissionRecordPoMapper permissionRecordPoMapper = (PermissionRecordPoMapper) applicationContext.getBean("permissionRecordPoMapper");
        ManagerPermissionRecordPoMapper managerpermissionRecordPoMapper = (ManagerPermissionRecordPoMapper) applicationContext.getBean("managerPermissionRecordPoMapper");



        if (principals.getPrimaryPrincipal() instanceof User) {

            //获取在认证的时候存入的checkUser
            User user = (User) principals.getPrimaryPrincipal();
            //添加角色信息
            Set<String> roleSet = new HashSet<>();
            roleSet.add(user.getRoleId());
            simpleAuthorizationInfo.addRoles(roleSet);

            //添加权限信息
            List<PermissionRecordPo> permissionRecordPoList = permissionRecordPoMapper.selectList(new EntityWrapper<PermissionRecordPo>().eq("user_id", user.getUserId()));
            List<String> permissionRecords = new ArrayList<>();
            for (PermissionRecordPo item: permissionRecordPoList) {
                permissionRecords.add(item.getPermission());
            }
            simpleAuthorizationInfo.addStringPermissions(permissionRecords);

        }else if (principals.getPrimaryPrincipal() instanceof Manager){

            //获取在认证的时候存入的manager
            Manager manager = (Manager) principals.getPrimaryPrincipal();
            //添加角色信息
            Set<String> roleSet = new HashSet<>();
            roleSet.add(manager.getManagerId());
            simpleAuthorizationInfo.addRoles(roleSet);

            //添加权限信息
            List<ManagerPermissionRecordPo> managerPermissionRecordPoList = managerpermissionRecordPoMapper.selectList(new EntityWrapper<ManagerPermissionRecordPo>().eq("manager_id", manager.getManagerId()));
            List<String> permissionRecords = new ArrayList<>();
            for (ManagerPermissionRecordPo item: managerPermissionRecordPoList) {
                permissionRecords.add(item.getPermission());
            }
            simpleAuthorizationInfo.addStringPermissions(permissionRecords);

        }else {
            throw new AuthorizationException("principal的类型不正确");
        }


        return simpleAuthorizationInfo;
    }

    //在本项目中，已经把认证过程分给managerRealm 和 userRealm
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        return null;
    }
}
